IDS mailing list archives
A free tool for Linux to detect NICs in promisc mode remotely
From: Andrey Pastukhov <a.pastukhov () gmail com>
Date: Wed, 01 Mar 2006 13:17:54 +0300
Hi everyone!I've been searching for a free program tool that allows remote detecting of network nodes in promiscuous mode. Found a few ones for Win32, but I need something for running on Linux and, if possible, a separate tool (not a module for sniffer or etc). So, I tried sentinel, and it seemed like it didn't work: neither -a, -d or -e modes failed to detect a linux box with tcpdump running (or after executing 'ifconfig -i eth0 promisc'). Maybe it's nothing wrong with it, and I do misunderstand something. But as far as i can see, sentinel uses well known and pretty old methods (for example, it looks like '-a' option turns on the one that was described in http://www.securityfriday.com/promiscuous_detection_01.pdf). Anyway, I would appreciate, if someone helped me to find a way of resolving this matter.
Thanks a lot! ------------------------------------------------------------------------ Test Your IDS Is your IDS deployed correctly?Find out quickly and easily by testing it with real-world attacks from CORE IMPACT. Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 to learn more.
------------------------------------------------------------------------
Current thread:
- A free tool for Linux to detect NICs in promisc mode remotely Andrey Pastukhov (Mar 02)